RE: Cobalt Scan

From: Jeroen Wesbeek (duhat_private)
Date: Fri Jul 27 2001 - 00:55:46 PDT

  • Next message: Keith.Morgan: "Sneaky vuln-scanning, vulnerable list generation"

    Hi there,
    
    After I read this mail I checked our logs and the same thing poped up there:
    
    access_log:195.92.95.61 - - [25/May/2001:19:35:34 +0200] "HEAD
    /cobalt-images/welcome2.gif HTTP/1.0" 404 0
    access_log:195.92.95.61 - - [24/Jun/2001:03:50:57 +0200] "GET
    /cobalt-images/welcome2.gif HTTP/1.0" 404 291
    error_log:[Fri May 25 19:35:34 2001] [error] [client 195.92.95.61] File does
    not exist: /to/vhost/cobalt-images/welcome2.gif
    error_log:[Sun Jun 24 03:50:57 2001] [error] [client 195.92.95.61] File does
    not exist: /to/vhost/cobalt-images/welcome2.gif
    
    I noticed the IP adress is (probably) the same and it reverses to:
    
    Name:    ariston.netcraft.com
    Address:  195.92.95.61
    
    Appearantly somebody just used netcraft to see more information about your
    server :)
    So no worries :)
    
    
    dowebwedo
    Jeroen Wesbeek
    .programming
    Nieuwekade 213 | 3511 RW Utrecht
    The Netherlands
    p 030 232 63 38 | f  030 234 26 16
    
    [roses are red, violets are blue,
             I am schizophrenic and so am I ]
    
    
    -----Original Message-----
    From: Ryan W. Maple [mailto:ryanat_private]
    Sent: donderdag 26 juli 2001 19:04
    To: incidentsat_private
    Subject: Cobalt Scan
    
    
    
    I just got this in one of my access_log's today:
    
      195.92.95.XX - - [26/Jul/2001:10:25:57 -0400] "HEAD
    /cobalt-images/welcome2.gif HTTP/1.0" 404 0
    
    It looks like a scan for a Cobalt box.  I don't have one but I haven't
    seen this mentioned here before (probably part of some bigger kit I'd
    assume).
    
    Cheers,
    Ryan
    
     +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
       Ryan W. Maple          "I dunno, I dream in Perl sometimes..."  -LW
       Guardian Digital, Inc.                     ryanat_private
     +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:19:02 PDT